Web Service Authorization

Purpose: Use the Web Service Authorization screen to work with authentication requirements for Order Broker web services. By setting up and requiring user IDs and passwords for web services, you confirm that Order Broker authenticates the identity of the system submitting web service requests.

Authentication is always required. When Order Broker receives a web service request without a valid web service user and password, the request is refused with an error: Inbound Message failed validation.

IDCS or OCI IAM setup required: Each web service user must also be created in IDCS or OCI IAM.

About store locations and Xstore Office on premises: The Xstore Office on premises solution differs from other solutions in that it serves as the parent for any related store locations. Any store locations that are assigned a parent ID do not require setup as web service users; instead, you configure external access for Xstore Office on premises, and this “parent” handles authentication for all related store locations.

When authentication is required for a request originating from any location associated with the Xstore Office parent ID, the parent ID’s authentication credentials are used.

Recognizing Xstore Office store locations: When a request specifies a client ID that matches the format used in IDCS or OCI IAM to identify stores related to Xstore Office on premises, Order Broker obtains the client ID of the Xstore Office on premises application, and uses it for authentication.

Order Broker uses the CLOUD_APP_CLIENT table to track client IDs for store locations that use the Xstore Office parent ID.

Note:

Order Broker does not use these web service authorization settings for web service requests that Order Broker sends to an external system, such as the Oracle Maps Cloud Service.

For more information: See the Omnichannel Web Service Authentication Configuration Guide at https://support.oracle.com/epmos/faces/DocumentDisplay?id=2728265.1 for instructions on web service authentication configuration.

How to display this screen: Select Web Service Authorization from the Systems Menu.

Note:

Only users with Web Service Authorization authority can display this screen. See the Role Wizard for more information.

Options at this screen

Option	Procedure
work with web service users	Click the edit icon () for a web service to advance to the Web Service User screen, where you can work with users identifying systems that use the web service.

Fields at this screen

Field	Description
Web Service	An Order Broker web service: Admin: Includes: ProductUpdate LocationUpdate LocationDetail Email Out API setDSAcknowledge getInventoryAvailability getDSOrders setDSShipConfirm Store Associate Location Assignment Note: Admin authority is also required for the inventory quantity web service; see Probability Rules Update and Incremental Quantity Web Service for background. Discovery: Requests include Location discovery and System discovery. Locate: Includes all requests related to the Routing Engine: EchoTest Fulfillments Intransit InventoryAvailability LocateItems OrderSearch OrderUpdate ProductAvailability StatusListRequest StatusRequest StatusUpdate SubmitOrder Private Data Request: Includes all requests to inquire on or delete private data: GetPrivateData ForgetPrivateData Purchasing: Includes all requests from the retailer to Order Broker related to the Supplier Direct Fulfillment module: CreateDSOrder CreateDSVendor GetDSChanges GetDSInvoices SetDSAddressChange SetDSCancel SetDSCostChange For more information: See the Operations Guide for details on the above messages. Oracle Retail Integration Cloud Service: Includes all requests received from Oracle Retail Integration Cloud Service (RICS). See Order Fulfillment through RICS Integration for background on order-related messages. This authentication is also required to receive individual updates to the available quantities for product locations through the Retail Integration Bus (RIB). See Available-to-Sell Individual Inventory Updates through Oracle Retail Integration Cloud Service (RICS) for a discussion. Run Job: Includes the Run Job request message to submit a job, as an alternative to submitting or scheduling a job at the Schedule Jobs screen. OAuth is required for the Run Job API. See the Operations Guide for background. Storage: Includes all requests from an integrating system to upload, download, inquire on, or delete files through File Storage API for Imports and Exports: putFile getFile getFiles deleteFile For more information: See the Operations Guide for details on the above messages. Vendor: Includes all requests submitted by an integrated vendor to Order Broker for the Supplier Direct Fulfillment module: setDSAcknowledge getDSOrders setDSShipConfirm For more information: See the Vendor Integration Guide for details on the above messages.
Edit	Click the edit icon () for a web service to advance to the Web Service User screen, where you can work with users identifying systems that use the web service.

Field

Description

Web Service

An Order Broker web service:

Admin: Includes:
- ProductUpdate
- LocationUpdate
- LocationDetail
- Email Out API
- setDSAcknowledge
- getInventoryAvailability
- getDSOrders
- setDSShipConfirm
- Store Associate Location Assignment

Note:

Admin authority is also required for the inventory quantity web service; see Probability Rules Update and Incremental Quantity Web Service for background.

Discovery: Requests include Location discovery and System discovery.
Locate: Includes all requests related to the Routing Engine:
- EchoTest
- Fulfillments
- Intransit
- InventoryAvailability
- LocateItems
- OrderSearch
- OrderUpdate
- ProductAvailability
- StatusListRequest
- StatusRequest
- StatusUpdate
- SubmitOrder
Private Data Request: Includes all requests to inquire on or delete private data:
- GetPrivateData
- ForgetPrivateData
Purchasing: Includes all requests from the retailer to Order Broker related to the Supplier Direct Fulfillment module:
- CreateDSOrder
- CreateDSVendor
- GetDSChanges
- GetDSInvoices
- SetDSAddressChange
- SetDSCancel
- SetDSCostChange

For more information: See the Operations Guide for details on the above messages.

Oracle Retail Integration Cloud Service: Includes all requests received from Oracle Retail Integration Cloud Service (RICS). See Order Fulfillment through RICS Integration for background on order-related messages.

This authentication is also required to receive individual updates to the available quantities for product locations through the Retail Integration Bus (RIB). See Available-to-Sell Individual Inventory Updates through Oracle Retail Integration Cloud Service (RICS) for a discussion.

Run Job:
Includes the Run Job request message to submit a job, as an alternative to submitting or scheduling a job at the Schedule Jobs screen. OAuth is required for the Run Job API. See the Operations Guide for background.
Storage: Includes all requests from an integrating system to upload, download, inquire on, or delete files through File Storage API for Imports and Exports:
- putFile
- getFile
- getFiles
- deleteFile

For more information: See the Operations Guide for details on the above messages.

Vendor: Includes all requests submitted by an integrated vendor to Order Broker for the Supplier Direct Fulfillment module:
- setDSAcknowledge
- getDSOrders
- setDSShipConfirm

For more information: See the Vendor Integration Guide for details on the above messages.

Edit

Click the edit icon () for a web service to advance to the Web Service User screen, where you can work with users identifying systems that use the web service.